diff --git a/roles/ipa/server/files/use_id_fp_o.ldif b/roles/ipa/server/files/use_id_fp_o.ldif
new file mode 100644
index 0000000000..e24ebf974e
--- /dev/null
+++ b/roles/ipa/server/files/use_id_fp_o.ldif
@@ -0,0 +1,4 @@
+dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=fedoraproject,dc=org
+changetype: modify
+add: memberPrincipal
+memberPrincipal: HTTP/id.fedoraproject.org@FEDORAPROJECT.ORG
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 77821b77cf..dba9915dd1 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -203,6 +203,7 @@
 with_items:
 - grant_anonymous_replication_view.ldif
 - grant_fas_sync.ldif
+ - use_id_fp_o.ldif
 tags:
 - ipa/server
 - config
@@ -212,6 +213,7 @@
 -f /root/ldif/{{item}}.ldif
 with_items:
 - grant_fas_sync
+ - use_id_fp_o
 when: inventory_hostname.startswith("ipa01")
 tags:
 - ipa/server
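Review bot: The new `memberPrincipal` value in use_id_fp_o.ldif is added to the existing `cn=ipa-http-delegation` rule rather than to a rule of its own, so HTTP/id.fedoraproject.org inherits every delegation target that rule already carries. Those targets are not visible in this diff, but on a stock FreeIPA install this is the rule the IPA web framework itself uses to act for users against the directory. If the id service needs delegation to only one target, a dedicated s4u2proxy rule would keep the grant narrower and limit what a compromise of that host could reach. Either way the file should record why the grant exists, for example a leading `# Let the id.fedoraproject.org HTTP service act for users via S4U2Proxy; needed for <reason>` comment.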
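Review bot: `use_id_fp_o` in the last main.yml hunk is a plain `add:` of one attribute value, and adding a value that is already present normally makes an LDAP modify fail with "Type or value exists" (result 20). The command and any failure handling of this task start above the hunk, so it is worth confirming that a second playbook run on ipa01 still passes. If it does not, that result should be accepted as "already applied", for instance `failed_when: <registered_result>.rc not in [0, 20]`, with the placeholder standing for whatever the task registers.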